Memory Corruption Vulnerability in Linux Kernel Affecting AMD Accelerated Parallel Processing
CVE-2026-23280

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-23280?

A vulnerability in the Linux kernel related to the AMD accelerated parallel processing (accel/amdxdna) can lead to buffer overflow issues. An improper calculation of the user buffer size can result in an undersized memory allocation, potentially causing memory corruption. This flaw could be exploited to destabilize systems or execute malicious code. The vulnerability has been addressed by implementing validation checks using check_add_overflow() helpers to ensure accurate size calculations prior to memory allocation.

Affected Version(s)

Linux bd72d4acda1069579b35123e3cc0b21ec1193a21 < 1500b31db94374a6669e73ce94d6f71cf8e85e06

Linux bd72d4acda1069579b35123e3cc0b21ec1193a21 < 972bf4a23478fcb247b4f507d47a584bc8aea5bd

Linux bd72d4acda1069579b35123e3cc0b21ec1193a21 < 03808abb1d868aed7478a11a82e5bb4b3f1ca6d6

References

https://git.kernel.org/stable/c/1500b31db94374a6669e73ce9...

https://git.kernel.org/stable/c/972bf4a23478fcb247b4f507d...

https://git.kernel.org/stable/c/03808abb1d868aed7478a11a8...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 13, 2026

CVE-2026-23280 Data

JSON